US4771458A - Secure data packet transmission system and method - Google Patents
Secure data packet transmission system and method Download PDFInfo
- Publication number
- US4771458A US4771458A US07/025,236 US2523687A US4771458A US 4771458 A US4771458 A US 4771458A US 2523687 A US2523687 A US 2523687A US 4771458 A US4771458 A US 4771458A
- Authority
- US
- United States
- Prior art keywords
- global
- address
- data packet
- stored
- subscriber terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04H—BROADCAST COMMUNICATION
- H04H60/00—Arrangements for broadcast applications with a direct linking to broadcast information or broadcast space-time; Broadcast-related systems
- H04H60/09—Arrangements for device control with a direct linkage to broadcast information or to broadcast space-time; Arrangements for control of broadcast-related services
- H04H60/14—Arrangements for conditional access to broadcast information or to broadcast-related services
- H04H60/23—Arrangements for conditional access to broadcast information or to broadcast-related services using cryptography, e.g. encryption, authentication, key distribution
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/34—Encoding or coding, e.g. Huffman coding or error correction
Definitions
- This invention relates generally to data packet communication systems and methods. It should be emphasized that while the inventions herein are described with respect to, and are particularly adapted to use with, television signal communication systems, they are not limited thereto, the inventions being equally applicable to any communications system of the data packet type.
- the inventions will be described in connection with a cable-connected television transmission system wherein the signals from a head-end are supplied to a plurality of subscriber terminals, connected to the head-end by a cable, for controlling individual subscriber terminal decoder units.
- the inventive system will find particular use in a subscription television signal scrambling system including a data packet communication arrangement wherein encrypted binary data is transmitted during selected horizontal lines of the television signal.
- television signal scrambling may conveniently be accomplished by suppression of the horizontal blanking signals and phase reversal of the video carrier during the blanking periods.
- Data may be communicated by pulse width modulation of the horizontal blanking intervals. Suppression of the horizontal sync signals scrambles the video signal such that it is rendered unviewable when received by a conventional television receiver.
- each subscriber terminal is provided with a decoder that is operable for unscrambling the television signals and for coupling the unscrambled signals to a television receiver for viewing. Since security is a prime consideration in the design of any such system, the unscrambling technique needs to be sufficiently complex to deter would-be pirates while being capable of providing reliable decoding by authorized system subscriber terminals.
- the first packet is termed a "global" packet and is receivable by all subscriber terminals, whereas each of the subsequent three packets is individually addressed to a subscriber terminal and is therefore receivable only by subscriber terminals having the correct address.
- the global packet is used for conveying program identification "tags" for special programs, such as movie channels, and for controlling subscriber terminal decoders for pay-per-view programming.
- the addressed packets convey subscriber terminal authorization data and any other data that is unique to a particular subscriber terminal.
- Each subscriber terminal decoder includes a microprocessor and a non-volatile memory for storing an individual permanent subscriber terminal address and address key and a plurality of session keys, the purpose of which will be discussed below.
- each subscriber terminal Upon receipt of a television signal, each subscriber terminal "reads" the accompanying program identification code and checks that code against its authorization memory to see if the terminal is authorized. If the terminal is authorized, the television signal is unscrambled. If the terminal is not authorized, the television signal is left unscrambled. It will be appreciated that a subscriber terminal authorization may be changed by the cable head-end by means of the addressed data packets. The terminal authorization codes are only changed when there is a change in service level, or a default in payment, and consequently, there is only a limited amount of communication that actually occurs between the head-end and any individual subscriber terminal. Thus the overwhelming majority of addressed packets are intended for the many other subscriber terminals.
- the addressing structure is such that the microprocessor in the subscriber terminal need not spend valuable processing time on messages that are intended for other subscriber terminals.
- the individual subscriber terminal microprocessor ignores data packets, in terms of processing, that are not intended for it. This significantly reduces the microprocessor processing time and makes for a much more efficient system.
- the functions of message or data encryption, error protection of transmitted data and address recognition are uniquely intertwined to facilitate processing efficiency.
- a cyclic redundant code arrangement CRC
- CRC cyclic redundant code arrangement
- the number of subscriber terminal addresses that may be utilized in the system, without subscriber terminal confusion is greatly expanded with the use of address encryption keys. This is accomplished with only a slight degradation in error protection.
- DEEP data encryption and error protection
- the DEEP feature is preferably implemented in software at the head end and in hardware at the subscriber terminals.
- the DEEP feature simultaneously encrypts and error protects the data.
- the DEEP software simulates a plurality of feed-forward and feed-back taps on a multibit shift register by means of a look-up table.
- the DEEP feature in each subscriber terminal comprises a hardware shift register complementarily connected, that is, with feed-forward and feed-back taps interchanged as compared with those in the encoder.
- encryption and decryption "seeds" or binary presets are loaded into the DEEP software and hardware at the encoder and subscriber terminals, respectively. As will be seen, these presets comprise the session keys and address keys mentioned above. The result is a simple, secure, readily implemented data packet transmission system.
- a principal object of the invention is to provide a novel data packet transmission system.
- Another object of the invention is to provide a data packet transmission system and method that simultaneously provides data encryption and error protection.
- a further object of the invention is to provide a data packet transmission system and method utilizing novel addressing techniques.
- a still further object of the invention is to provide a novel method of operating a data packet transmission system.
- Still another object of the invention is to provide a data packet transmission system in which the available subscriber terminal addresses may be readily expanded.
- FIG. 1 illustrates the arrangement of the binary data packets in the system of the invention
- FIG. 2 is a partial block diagram of a head-end or encoding system for formatting the binary data packets in accordance with the invention as implemented in hardware;
- FIG. 3 is a block diagram of a subscriber terminal for receiving and decoding data packets encrypted in accordance with the invention.
- FIG. 4 is a pair of flow charts illustrating decoder operation in a subscriber terminal.
- a start code of any suitable form may be utilized to initialize apparatus in each subscriber terminal to make it ready for the reception of data.
- a global data packet or packet 1 is sent followed in sequence by individually addressed data packets 2, 3 and 4.
- each packet consists of 48 bits of "data" and 16 bits of CRC code.
- the start code may be any form of "framing code” and, in accordance with the preferred embodiment, is sent during the vertical blanking interval of the television signal.
- the start code may, for example, take the form of a framing code as taught in copending application Serial No. 025,235.
- the global packet comprises data that is intended for receipt by all of the subscriber terminals, e.g., program identification tags identifying the accompanying TV program, while the individually addressed packets comprise data intended to be received by only the addressed subscriber, e.g. subscriber authorization levels.
- a television (TV) signal source 10 is coupled to a channel encoder 12 that, in turn, supplies an RF output 14.
- the TV signal source may provide a conventional television signal that is scrambled by encoder 12 and transmitted with data signals including a program tag for enabling previously authorized terminals to render the scrambled TV signal viewable.
- the data signals are supplied to encoder 12 by a processor simulating in software a 16 bit shift register 16, which is diagrammatically shown with certain identified bits connected in a feed-forward and feed-back arrangement. For example, bits 3, 8 and 13 are added, or summed, through individual summation circuits 18 with the output of shift register 16. Similarly, bits 5, 10 and 16 are summed through other individual summation circuits 18 in a feed-back arrangement with the input of shift register 16.
- the summation circuits 18 may be exclusive OR gates. With the arrangement, data from a controller 20 is supplied to the input of the shift register and is simultaneously encrypted and error protected in its passage therethrough.
- Channel encoder 12 includes well-known means for formatting this data in packets as shown in FIG. 1.
- controller 20 supplies presets for the DEEP shift register 16.
- the preset corresponds to a session key that serves to further dynamically encrypt the data passed through shift register 16.
- the presets comprise address keys as determined by the controller 20. All of the data is combined with the TV signal which is scrambled in channel encoder 12 and applied to RF output 14 where it is transmitted along the cable to the various subscriber terminals.
- the receiver 24 accepts the incoming transmission from the head-end, sends the scrambled TV signal on to a decoder 26 and removes the encrypted and error protected data which is applied a 16 bit shift register 34 that has complementarily connected feed-forward and feed-back taps to those of the head-end 16 bit shift register.
- positions 5, 10 and 16 of the DEEP circuit shift register 34 are coupled through summation circuits 18 in a feed-forward arrangement whereas positions 3, 8 and 13 are connected in a feed-back arrangement.
- DEEP shift register 16 of the encoder will be decrypted by being passed through DEEP shift register 34 of the decoder, provided however that the presets utilized for the encoder DEEP shift register are also utilized for the decoder DEEP shift register.
- the presets for DEEP shift register 34 are applied by microprocessor based controller 28 which is shown with access to a pair of memories.
- Memory 30 is for storing the address and address key for the particular subscriber terminal. The address and address keys are permanent and "burned into" the memory at the factory.
- Memory 32 is preferably an EEROM and is utilized to store the session keys and the authorization data that is downloaded from time to time to the subscriber terminal from the cable head-end by means of the individually addressed packets. Memory 32 is electrically alterable to store different session keys and different authorization data.
- one of the session keys is a "default" key that is permanently set in memory 32 of the subscriber terminal.
- the subscriber terminal automatically searches through the session keys stored in its memory when trying to decrypt a global packet. If the subscriber terminal is not an authorized one in the system, its session keys will never match the key used to form the global packet, and it will never become operable. If, on the other hand, an authorized subscriber terminal is in the factory or is brought in for service, the default session key may be used to communicate with the terminal.
- DEEP shift register 34 is supplied to a DATA input of controller 28, and also to a CRC comparator 36 which is coupled to the interrupt (INT) input of the microprocessor controller 28. While the data in each packet is loaded into the memory of microprocessor 28, no processing of the data occurs until an interrupt signal is received when the 16 bit remainder of the CRC comparator is all zeros.
- the data is formulated into packets by the system controller and applied to the channel encoder by the DEEP shift register.
- the encoder combines the data with a TV signal from the TV signal source, scrambles the TV signal and passes the scrambled signal and data to a modulator for transmission to the various subscriber terminals.
- the DEEP shift register in the head-end encrypts the data by dividing it by a polynomial whose coefficients are represented by the feed-back taps on the 16 bit shift register.
- error protection is achieved by multiplying the data by a different polynomial whose coefficients are represented by the feed-forward taps of the shift register.
- the polynomial is represented by a session key (global packet) and by an address key (addressed packet), the address key corresponding to the stored address key of the addressed subscriber location.
- each feed-forward tap for a session key or an address key is different from any feed-back tap.
- Data packet error protection and data encryption are thus performed simultaneously in the DEEP shift register (or its software equivalent). For purposes of explanation they may be considered separately.
- DEEP shift register 16 In terms of error protection, 48 bits of data for each packet are applied to DEEP shift register 16 by the controller 20 and the DEEP shift register multiplies these 48 bits of data by a polynomial whose coefficients are represents by the feed-forward taps of the shift register.
- the output is thus a 64 bit packet comprising 48 error protected bits and a 16 bit redundant code. Assuming that this output is processed in a subscriber terminal by dividing it by the same polynomial in a complementary DEEP shift register, the division will result in a 16 bit remainder which will be all zeros, provided there are no errors in the packet.
- Encryption of the data is performed by dividing the data bits from the controller 20 in the DEEP shift register 16 by a polynomial represented by the feed-back taps of the shift register. Decryption is accomplished in a subscriber terminal by multiplying each encrypted package by the same polynomial in a complementary DEEP shift register.
- data encryption is facilitated by using an encryption seed or key to preset the shift register.
- the key is referred to as the session key and is common to all subscriber terminals.
- the session key may be changed from time to time, e.g. on a monthly basis.
- the key is referred to as an address key and may be different for each subscriber terminal or may be common to a group of subscriber terminals.
- the combination of the address key and the subscriber terminal address uniquely defines a subscriber terminal.
- Each global packet is encrypted by presetting the DEEP shift register 16 with the current session key and each addressed packet is encrypted by presetting the DEEP shift register 16 with the address key corresponding to the intended subscriber. (The subscriber terminal address information is included in 24 of the 48 bits of the packets.)
- the session keys are downloaded to each system subscriber terminal as part of an addressed packet as is other authorization data.
- a counter in the subscriber terminal is reset to zero.
- the previously used session key is loaded into the subscriber terminal DEEP shift register, the start code is detected and the resulting CRC code (i.e. the 16 bit remainder of the processed packet) for the global packet is checked. If the CRC code matches (remainder of all zeros), it is presumed that the session key is correct and that there are no errors in the data.
- the counter is reset to zero and the global packet is processed for any general information therein, that is, information that is applicable to all subscriber terminals.
- the terminal address key is loaded into the DEEP shift register for processing the first received addressed data packet. Again the CRC is checked.
- the packet either is addressed to a different subscriber terminal or there are errors in it. In either event, the packet is ignored. If the CRC code shows all zeros, an address comparison is made in the subscriber terminal controller to see if indeed the packet is meant for that subscriber terminal. If the address comparison shows a mismatch, the packet is ignored. If the address comparison shows a match, the packet is processed by the microprocessor and the procedure is repeated for the next two addressed packets. It is thus seen that the microprocessor only processes packets that are intended for it.
- the session keys are generally changed on a periodic basis. Since the subscriber terminal needs the session key in order to process global data packets, the system provides for a number of attempts to match a session decryption key in the subscriber terminal memory to the session encryption key used in the global packet. Thus, if the CRC code for a received global packet does not yield a zero result, and if there are no other error flags or indications in the system, the counter is incremented and the current session decryption key is used again to attempt to decrypt the next global packet. If failure results again, and there are no other error flags, the counter is incremented again and another attempt is made to decrypt the global packet with the same session key.
- the counter is incremented to 8 at which time a new session decryption key is loaded and the process repeated with the different session decryption key.
- Decryption with the new session key is attempted only once. Should that session key also fail, another session key in memory is tried, etc.
- the default session key that is, the session key that is permanently stored within the subscriber terminal is also included in the search process. This process continues in an attempt for the subscriber terminal to establish communication with the when decryption yields a zero result, the counter is reset and the global packet is processed. If the subscriber terminal is not an authorized terminal for that system, however, it never gets a correct session key downloaded to it and it never becomes operable in the system.
- Another aspect of the invention resides in the intertwining of the address decryption key, the address and the CRC code.
- the address decryption key there are 16,000,000 unique subscriber terminal addresses available.
- the number of unique subscriber terminals that can be addressed may be increased to a maximum of 2 40 with a nominal 24 bit address.
- This expansion involves assigning the same addresses to a number of subscriber terminals, each of whom has a different address decryption key.
- the disadvantage is that the degree of error protection for the subscriber terminals with the same address is decreased.
- it can be shown that the possibility of addressing unintended subscriber terminals, considering the probabilities of two subscriber terminals having the same address being on the same system, is remote. Consequently, the practical effect of expanding the subscriber terminal addresses as above-described is a nominal decrease in error protection between subscriber terminals with the same address.
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A bit packet communication system includes a head end having a software implemented 16 bit shift register with a plurality of feed-forward taps and a different plurality of feedback taps for simultaneously dividing and multiplying the input data bit packet to provide an output bit packet that is both encrypted and error protected. Dynamic encryption is provided by utilizing an initial preset for the software corresponding to a preset encryption key for the shift register. Authorized subscriber terminals are provided with memories and decryption keys are downloaded. The bit packets are assembled with a global bit packet encrypted with a global encryption key and subsequent individually addressed bit packets encrypted with address keys. The address keys and terminal addresses are permanently stored in the subscriber terminal memories. The global encryption keys are changed periodically. Means are provided in each subscriber terminal for storing a number of global decryption keys which are cycled through in attempts to decrypt the global packets. One of the global decryption keys is a permanent default key associated with the subscriber terminal to assure that communication with that terminal is possible despite a lack of knowledge of the terminal address or the other global decryption keys in its memory.
Description
This application is related to U.S. Pat. No. 4,467,353, entitled "Television Signal Scrambling System and Method" in the names of R. Citta and R. Lee issued 8/21/84, application Ser. No. 711,947, filed 3-15-85 entitled "Television Signal Scrambling Method" in the names of R. Citta, D. Mutzabaugh, and G. Sgrignoli, application Ser. No. 712,949, filed 3-15-86, entitled "Television Signal Data Transmission System", in the names of R. Citta, D. Mutzabaugh and G. Sgrignoli; application Ser. No. 025,235, filed 3/12/87 entitled "Data Packet Encryption System Using Framing Codes", in the names of R. Citta and G. Sgrignoli, all of which are assigned to Zenith Electronics Corporation and all of which are incorporated by reference herein.
This invention relates generally to data packet communication systems and methods. It should be emphasized that while the inventions herein are described with respect to, and are particularly adapted to use with, television signal communication systems, they are not limited thereto, the inventions being equally applicable to any communications system of the data packet type. The inventions will be described in connection with a cable-connected television transmission system wherein the signals from a head-end are supplied to a plurality of subscriber terminals, connected to the head-end by a cable, for controlling individual subscriber terminal decoder units. The inventive system will find particular use in a subscription television signal scrambling system including a data packet communication arrangement wherein encrypted binary data is transmitted during selected horizontal lines of the television signal. As taught in the above-mentioned patent and copending applications, television signal scrambling may conveniently be accomplished by suppression of the horizontal blanking signals and phase reversal of the video carrier during the blanking periods. Data may be communicated by pulse width modulation of the horizontal blanking intervals. Suppression of the horizontal sync signals scrambles the video signal such that it is rendered unviewable when received by a conventional television receiver. In order to unscramble the video display, each subscriber terminal is provided with a decoder that is operable for unscrambling the television signals and for coupling the unscrambled signals to a television receiver for viewing. Since security is a prime consideration in the design of any such system, the unscrambling technique needs to be sufficiently complex to deter would-be pirates while being capable of providing reliable decoding by authorized system subscriber terminals.
In the data packet system of the invention, four packets of 64 bits each are sequentially sent in 256 horizontal lines of the video display. The first packet is termed a "global" packet and is receivable by all subscriber terminals, whereas each of the subsequent three packets is individually addressed to a subscriber terminal and is therefore receivable only by subscriber terminals having the correct address. The global packet is used for conveying program identification "tags" for special programs, such as movie channels, and for controlling subscriber terminal decoders for pay-per-view programming. The addressed packets convey subscriber terminal authorization data and any other data that is unique to a particular subscriber terminal. Each subscriber terminal decoder includes a microprocessor and a non-volatile memory for storing an individual permanent subscriber terminal address and address key and a plurality of session keys, the purpose of which will be discussed below.
Upon receipt of a television signal, each subscriber terminal "reads" the accompanying program identification code and checks that code against its authorization memory to see if the terminal is authorized. If the terminal is authorized, the television signal is unscrambled. If the terminal is not authorized, the television signal is left unscrambled. It will be appreciated that a subscriber terminal authorization may be changed by the cable head-end by means of the addressed data packets. The terminal authorization codes are only changed when there is a change in service level, or a default in payment, and consequently, there is only a limited amount of communication that actually occurs between the head-end and any individual subscriber terminal. Thus the overwhelming majority of addressed packets are intended for the many other subscriber terminals. It is therefore an important attribute of the present inventive system, that the addressing structure is such that the microprocessor in the subscriber terminal need not spend valuable processing time on messages that are intended for other subscriber terminals. As will become apparent, the individual subscriber terminal microprocessor ignores data packets, in terms of processing, that are not intended for it. This significantly reduces the microprocessor processing time and makes for a much more efficient system.
In another aspect of the invention, the functions of message or data encryption, error protection of transmitted data and address recognition are uniquely intertwined to facilitate processing efficiency. For example, in the preferred embodiment a cyclic redundant code arrangement (CRC) is utilized for simultaneous data encryption, error protection and address recognition. This reduces processing time of the data packets since a non zero remainder in the CRC code, for any reason, results in the packet not being processed. In a still further aspect of the invention, the number of subscriber terminal addresses that may be utilized in the system, without subscriber terminal confusion, is greatly expanded with the use of address encryption keys. This is accomplished with only a slight degradation in error protection.
An important aspect of the invention is the utilization of a multibit shift register, or its equivalent software implementation, as a data encryption and error protection (DEEP) feature. The DEEP feature is preferably implemented in software at the head end and in hardware at the subscriber terminals. The DEEP feature, as will be seen, simultaneously encrypts and error protects the data. In the head-end or encoder, the DEEP software simulates a plurality of feed-forward and feed-back taps on a multibit shift register by means of a look-up table. The DEEP feature in each subscriber terminal comprises a hardware shift register complementarily connected, that is, with feed-forward and feed-back taps interchanged as compared with those in the encoder. Further, to provide dynamic encryption, encryption and decryption "seeds" or binary presets are loaded into the DEEP software and hardware at the encoder and subscriber terminals, respectively. As will be seen, these presets comprise the session keys and address keys mentioned above. The result is a simple, secure, readily implemented data packet transmission system.
A principal object of the invention is to provide a novel data packet transmission system.
Another object of the invention is to provide a data packet transmission system and method that simultaneously provides data encryption and error protection.
A further object of the invention is to provide a data packet transmission system and method utilizing novel addressing techniques.
A still further object of the invention is to provide a novel method of operating a data packet transmission system.
Still another object of the invention is to provide a data packet transmission system in which the available subscriber terminal addresses may be readily expanded.
These and other objects and advantages of the invention will be apparent from reading the following description in conjunction with the drawings, in which:
FIG. 1 illustrates the arrangement of the binary data packets in the system of the invention;
FIG. 2 is a partial block diagram of a head-end or encoding system for formatting the binary data packets in accordance with the invention as implemented in hardware;
FIG. 3 is a block diagram of a subscriber terminal for receiving and decoding data packets encrypted in accordance with the invention; and
FIG. 4 is a pair of flow charts illustrating decoder operation in a subscriber terminal.
Referring to FIG. 1, the arrangement of data packets in accordance with the invention is diagrammatically shown. Initially, a start code of any suitable form may be utilized to initialize apparatus in each subscriber terminal to make it ready for the reception of data. Immediately following the start code, a global data packet or packet 1 is sent followed in sequence by individually addressed data packets 2, 3 and 4. ln the system of the preferred embodiment, each packet consists of 48 bits of "data" and 16 bits of CRC code. The start code may be any form of "framing code" and, in accordance with the preferred embodiment, is sent during the vertical blanking interval of the television signal. The start code may, for example, take the form of a framing code as taught in copending application Serial No. 025,235. However, the type of start code employed forms no part of the present invention. As mentioned, the global packet comprises data that is intended for receipt by all of the subscriber terminals, e.g., program identification tags identifying the accompanying TV program, while the individually addressed packets comprise data intended to be received by only the addressed subscriber, e.g. subscriber authorization levels.
In FIG. 2, a television (TV) signal source 10 is coupled to a channel encoder 12 that, in turn, supplies an RF output 14. The TV signal source may provide a conventional television signal that is scrambled by encoder 12 and transmitted with data signals including a program tag for enabling previously authorized terminals to render the scrambled TV signal viewable.
The data signals are supplied to encoder 12 by a processor simulating in software a 16 bit shift register 16, which is diagrammatically shown with certain identified bits connected in a feed-forward and feed-back arrangement. For example, bits 3, 8 and 13 are added, or summed, through individual summation circuits 18 with the output of shift register 16. Similarly, bits 5, 10 and 16 are summed through other individual summation circuits 18 in a feed-back arrangement with the input of shift register 16. The summation circuits 18 may be exclusive OR gates. With the arrangement, data from a controller 20 is supplied to the input of the shift register and is simultaneously encrypted and error protected in its passage therethrough. In the example selected, 48 bits of data at the input of shift register 16 and 16 zeroes results in a 64 bit data stream at the output which is applied to channel encoder 12. This corresponds to 48 bits of data and a 16 bit redundant code. Channel encoder 12 includes well-known means for formatting this data in packets as shown in FIG. 1. By means of a communication channel 22, controller 20 supplies presets for the DEEP shift register 16. For the global packet, the preset corresponds to a session key that serves to further dynamically encrypt the data passed through shift register 16. For addressed packets 2, 3 and 4, the presets comprise address keys as determined by the controller 20. All of the data is combined with the TV signal which is scrambled in channel encoder 12 and applied to RF output 14 where it is transmitted along the cable to the various subscriber terminals.
It will be appreciated that in most instances, not all of the channels supplied by the cable head-end will carry data communications. Therefore the data will be periodically transmitted to insure that all subscriber terminals have an opportunity to receive it. In many installations, a subscriber terminal is automatically tuned to a "homing" channel when not in use and the cable head-end may utilize that channel for downloading data or communicating with the subscriber terminal.
In the subscriber terminal of FIG. 3, the receiver 24 accepts the incoming transmission from the head-end, sends the scrambled TV signal on to a decoder 26 and removes the encrypted and error protected data which is applied a 16 bit shift register 34 that has complementarily connected feed-forward and feed-back taps to those of the head-end 16 bit shift register. Thus, positions 5, 10 and 16 of the DEEP circuit shift register 34 are coupled through summation circuits 18 in a feed-forward arrangement whereas positions 3, 8 and 13 are connected in a feed-back arrangement. It should thus be apparent that data sent through the DEEP shift register 16 of the encoder will be decrypted by being passed through DEEP shift register 34 of the decoder, provided however that the presets utilized for the encoder DEEP shift register are also utilized for the decoder DEEP shift register. The presets for DEEP shift register 34 are applied by microprocessor based controller 28 which is shown with access to a pair of memories. Memory 30 is for storing the address and address key for the particular subscriber terminal. The address and address keys are permanent and "burned into" the memory at the factory. Memory 32, on the other hand, is preferably an EEROM and is utilized to store the session keys and the authorization data that is downloaded from time to time to the subscriber terminal from the cable head-end by means of the individually addressed packets. Memory 32 is electrically alterable to store different session keys and different authorization data.
In accordance with one aspect of the invention, one of the session keys is a "default" key that is permanently set in memory 32 of the subscriber terminal. The subscriber terminal automatically searches through the session keys stored in its memory when trying to decrypt a global packet. If the subscriber terminal is not an authorized one in the system, its session keys will never match the key used to form the global packet, and it will never become operable. If, on the other hand, an authorized subscriber terminal is in the factory or is brought in for service, the default session key may be used to communicate with the terminal.
The output of DEEP shift register 34 is supplied to a DATA input of controller 28, and also to a CRC comparator 36 which is coupled to the interrupt (INT) input of the microprocessor controller 28. While the data in each packet is loaded into the memory of microprocessor 28, no processing of the data occurs until an interrupt signal is received when the 16 bit remainder of the CRC comparator is all zeros.
Reference to FIGS. 2 and 3 and to the flow chart in FIG. 4 will be helpful in explaining operation of the system. As mentioned, the data is formulated into packets by the system controller and applied to the channel encoder by the DEEP shift register. The encoder combines the data with a TV signal from the TV signal source, scrambles the TV signal and passes the scrambled signal and data to a modulator for transmission to the various subscriber terminals. The DEEP shift register in the head-end encrypts the data by dividing it by a polynomial whose coefficients are represented by the feed-back taps on the 16 bit shift register. Simultaneously, error protection is achieved by multiplying the data by a different polynomial whose coefficients are represented by the feed-forward taps of the shift register. The polynomial is represented by a session key (global packet) and by an address key (addressed packet), the address key corresponding to the stored address key of the addressed subscriber location. Obviously, in a preferred embodiment, each feed-forward tap for a session key or an address key is different from any feed-back tap. Data packet error protection and data encryption are thus performed simultaneously in the DEEP shift register (or its software equivalent). For purposes of explanation they may be considered separately.
In terms of error protection, 48 bits of data for each packet are applied to DEEP shift register 16 by the controller 20 and the DEEP shift register multiplies these 48 bits of data by a polynomial whose coefficients are represents by the feed-forward taps of the shift register. The output is thus a 64 bit packet comprising 48 error protected bits and a 16 bit redundant code. Assuming that this output is processed in a subscriber terminal by dividing it by the same polynomial in a complementary DEEP shift register, the division will result in a 16 bit remainder which will be all zeros, provided there are no errors in the packet.
Encryption of the data is performed by dividing the data bits from the controller 20 in the DEEP shift register 16 by a polynomial represented by the feed-back taps of the shift register. Decryption is accomplished in a subscriber terminal by multiplying each encrypted package by the same polynomial in a complementary DEEP shift register.
As mentioned, data encryption is facilitated by using an encryption seed or key to preset the shift register. For the global packet, the key is referred to as the session key and is common to all subscriber terminals. The session key may be changed from time to time, e.g. on a monthly basis. For the addressed packets, the key is referred to as an address key and may be different for each subscriber terminal or may be common to a group of subscriber terminals. The combination of the address key and the subscriber terminal address uniquely defines a subscriber terminal. Each global packet is encrypted by presetting the DEEP shift register 16 with the current session key and each addressed packet is encrypted by presetting the DEEP shift register 16 with the address key corresponding to the intended subscriber. (The subscriber terminal address information is included in 24 of the 48 bits of the packets.) In practice, the session keys are downloaded to each system subscriber terminal as part of an addressed packet as is other authorization data.
With particular reference to the flow chart, initially a counter in the subscriber terminal is reset to zero. The previously used session key is loaded into the subscriber terminal DEEP shift register, the start code is detected and the resulting CRC code (i.e. the 16 bit remainder of the processed packet) for the global packet is checked. If the CRC code matches (remainder of all zeros), it is presumed that the session key is correct and that there are no errors in the data. At that point, the counter is reset to zero and the global packet is processed for any general information therein, that is, information that is applicable to all subscriber terminals. Next the terminal address key is loaded into the DEEP shift register for processing the first received addressed data packet. Again the CRC is checked. If the CRC code is not all zeros, the packet either is addressed to a different subscriber terminal or there are errors in it. In either event, the packet is ignored. If the CRC code shows all zeros, an address comparison is made in the subscriber terminal controller to see if indeed the packet is meant for that subscriber terminal. If the address comparison shows a mismatch, the packet is ignored. If the address comparison shows a match, the packet is processed by the microprocessor and the procedure is repeated for the next two addressed packets. It is thus seen that the microprocessor only processes packets that are intended for it.
As mentioned, the session keys are generally changed on a periodic basis. Since the subscriber terminal needs the session key in order to process global data packets, the system provides for a number of attempts to match a session decryption key in the subscriber terminal memory to the session encryption key used in the global packet. Thus, if the CRC code for a received global packet does not yield a zero result, and if there are no other error flags or indications in the system, the counter is incremented and the current session decryption key is used again to attempt to decrypt the next global packet. If failure results again, and there are no other error flags, the counter is incremented again and another attempt is made to decrypt the global packet with the same session key. This continues until the counter is incremented to 8 at which time a new session decryption key is loaded and the process repeated with the different session decryption key. Decryption with the new session key is attempted only once. Should that session key also fail, another session key in memory is tried, etc. The default session key, that is, the session key that is permanently stored within the subscriber terminal is also included in the search process. This process continues in an attempt for the subscriber terminal to establish communication with the when decryption yields a zero result, the counter is reset and the global packet is processed. If the subscriber terminal is not an authorized terminal for that system, however, it never gets a correct session key downloaded to it and it never becomes operable in the system. (When a subscriber terminal is added to a system, its address is placed on an "install list" and the head-end periodically transmits addressed information for downloading proper session keys and authorization codes to it). Also, for subscribers who do not pay, the new session keys need not be downloaded to their terminal memories, which effectively deauthorizes the terminals.
Another aspect of the invention resides in the intertwining of the address decryption key, the address and the CRC code. With a 24 bit address there are 16,000,000 unique subscriber terminal addresses available. By using 16 bits as address decryption keys, the number of unique subscriber terminals that can be addressed may be increased to a maximum of 240 with a nominal 24 bit address. This expansion involves assigning the same addresses to a number of subscriber terminals, each of whom has a different address decryption key. The disadvantage is that the degree of error protection for the subscriber terminals with the same address is decreased. However, it can be shown that the possibility of addressing unintended subscriber terminals, considering the probabilities of two subscriber terminals having the same address being on the same system, is remote. Consequently, the practical effect of expanding the subscriber terminal addresses as above-described is a nominal decrease in error protection between subscriber terminals with the same address.
It is recognized that numerous changes in the described embodiment of the invention will be apparent to those skilled in the art without departing from its true spirit and scope. The invention is to be limited only as defined in the claims.
Claims (17)
1. A method of operating a data packet communication system comprising the steps of:
encrypting a first data packet with a global encryption key such that all authorized subscriber terminals having a corresponding global decryption key decipher said first data packet;
encrypting an addressed data packet including a subscriber address with an address encryption key such that only subscriber terminals with corresponding address decryption can decipher said addressed data packet;
transmitting said data packets to subscriber terminals; and
causing subscriber terminals to search among a plurality of stored global decryption keys for a decryption key corresponding to said global encryption key.
2. The method of claim 1 wherein each subscriber terminal includes memory means for storing global decryption keys and wherein changes to said stored global decryption keys and communicated to said subscriber terminals in said addressed data packets.
3. The method of claim 2, further including the step of:
providing each authorized subscriber terminal with a permanent default global decryption key for enabling communication with a subscriber terminal without knowing its address or its other stored global decryption keys.
4. A method of operating a data packet communication system comprising the steps of:
encrypting a data packet with a global encryption key such that all authorized subscriber terminals having a corresponding global decryption key can decipher said data packet;
transmitting said data packet to subscriber terminals; and
causing subscriber terminals to search among a plurality of stored global decryption keys for a decryption key corresponding to said global decryption key.
5. The method of claim 4, further including the step of selectively changing the global decryption keys stored in subscriber terminals.
6. The method of claim 5, wherein one of the global decryption keys stored in a subscriber terminal is permanent and constitutes a default key enabling communication with a subscriber terminal without knowledge of its other stored, changeable, global decryption keys.
7. A data packet communication system comprising:
formatting means for formatting binary data into global data packets;
encryption means for simultaneously encrypting and error protecting said data packets with a global encryption key;
means transmitting said encrypted and error protected data packets to subscribed terminals, each having a plurality of stored global decryption keys;
receiving means at each subscribed terminal for testing received data packets wtih one of said stored global decryption keys to determine whether they are error free;
means for processing received data packets only when they are determined to be error free; and
means for cycling among said stored global decryption keys to test received data packets when a non error free data packet is found.
8. In a television signal transmission system;
a data packet communication system having messages comprising first error protected packets encrypted with a global encryption key and second error protected packets, each containing the binary address of a selected subscribed terminal and encrypted with an address encryption key;
a plurality of subscriber terminals, each including memory means for storing a plurality of global decryption keys, an address decryption key and a binary address, said address decryption key and said binary address uniquely identifying the individual subscriber terminal;
means at each subscriber terminal for sequentially decrypting said first packets with said global decryption keys until a first error free condition results;
means for processing the first packet in response to the first error free condition;
means at each subscriber terminal for testing said second packet for a second error free condition with said address decryption key;
means responsive to said second error free condition for comparing the binary address contained in said second packet with the binary address stored at said subscriber terminal; and
means for processing said second packet in response to the comparison.
9. The system of claim 7 further including means for changing said global encryption key used to simultaneously encrypt and error protect said data packets to correspond to a different one of said stored global decryption keys.
10. The system of claim 9 further including means for selectively changing said stored global decryption keys.
11. The system of claim 8 further including means for changing said global encryption key.
12. The system of claim 11 further including means for selectively changing said stored global decryption keys.
13. The system of claim 12 further including means for downloading a new global decryption key in a second error protected packet to replace one of said stored global decryption keys at a subscriber terminal.
14. A method of operating a data packet communication system comprising the steps of:
simultaneously encrypting and error protecting a first data packet with a global encryption key;
transmitting said first data packet to a plurality of subscriber terminals; and
at each subscriber terminal:
sequentially testing the first data packet with each one of a plurality of stored global decryption keys until the tested data packet is determined to be error free; and
processing the data packet after it is determined to be error free.
15. The method of claim 14, further including the step of changing the global encryption key used to encrypt and error protect said first data packet.
16. The method of claim 14, further including the step of selectively changing a global decryption key stored in a subscriber terminal.
17. The method of claim 14, further including the steps of;
simultaneously encrypting and error protecting an addressed data packet, including a subscriber address and a new global decryption key, with an address encryption key;
transmitting said addressed data packet to said subscribed terminals, each having a stored address decryption key and a stored address;
testing the addressed data packet at each subscriber terminal with said stored address decryption key to determine whether it is error free;
checking the address of the data packet with the stored address of the subscriber terminal if the data packet is error free; and
storing the new global decryption key in place of one of said stored global decryption keys only when the address of the error free addressed data packet corresponds to the address of the subscriber terminal.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US07/025,236 US4771458A (en) | 1987-03-12 | 1987-03-12 | Secure data packet transmission system and method |
| US07/221,166 US4876718A (en) | 1987-03-12 | 1988-07-19 | Secure data packet transmission system and method |
| US07/343,103 US4944006A (en) | 1987-03-12 | 1989-04-25 | Secure data packet transmission system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US07/025,236 US4771458A (en) | 1987-03-12 | 1987-03-12 | Secure data packet transmission system and method |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US07/221,166 Division US4876718A (en) | 1987-03-12 | 1988-07-19 | Secure data packet transmission system and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| US4771458A true US4771458A (en) | 1988-09-13 |
Family
ID=21824853
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US07/025,236 Expired - Lifetime US4771458A (en) | 1987-03-12 | 1987-03-12 | Secure data packet transmission system and method |
Country Status (1)
| Country | Link |
|---|---|
| US (1) | US4771458A (en) |
Cited By (51)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4881263A (en) * | 1987-09-25 | 1989-11-14 | Digital Equipment Corporation | Apparatus and method for secure transmission of data over an unsecure transmission channel |
| US4924513A (en) * | 1987-09-25 | 1990-05-08 | Digital Equipment Corporation | Apparatus and method for secure transmission of data over an unsecure transmission channel |
| US4965881A (en) * | 1989-09-07 | 1990-10-23 | Northern Telecom Limited | Linear feedback shift registers for data scrambling |
| US4995080A (en) * | 1988-08-04 | 1991-02-19 | Zenith Electronics Corporation | Television signal scrambling system and method |
| WO1991003896A2 (en) * | 1989-09-07 | 1991-03-21 | Verran Electronics Limited | Computer communications system |
| US5081678A (en) * | 1989-06-28 | 1992-01-14 | Digital Equipment Corporation | Method for utilizing an encrypted key as a key identifier in a data packet in a computer network |
| US5091938A (en) * | 1990-08-06 | 1992-02-25 | Nec Home Electronics, Ltd. | System and method for transmitting entertainment information to authorized ones of plural receivers |
| US5134656A (en) * | 1989-02-22 | 1992-07-28 | Kudelski S.A. Fabrique D'enregistruers Nagra | Pre-payment television system using a memory card associated with a decoder |
| US5164986A (en) * | 1991-02-27 | 1992-11-17 | Motorola, Inc. | Formation of rekey messages in a communication system |
| US5245420A (en) * | 1990-11-27 | 1993-09-14 | Scientific-Atlanta, Inc. | CATV pay per view interdiction system |
| EP0564825A2 (en) * | 1992-03-11 | 1993-10-13 | NOKIA TECHNOLOGY GmbH | Method for identification of secret data messages in a uni-directional multipoint network using cyclic redundancy checks |
| US5323462A (en) * | 1988-03-10 | 1994-06-21 | Scientific-Atlanta, Inc. | CATV subscriber disconnect switch |
| EP0637172A1 (en) * | 1993-07-30 | 1995-02-01 | Sony Corporation | Apparatus for scrambling a digital video signal |
| EP0641130A1 (en) * | 1993-08-23 | 1995-03-01 | Matsushita Electric Industrial Co., Ltd. | Scramble transmission apparatus and signal processing apparatus |
| US5505901A (en) * | 1988-03-10 | 1996-04-09 | Scientific-Atlanta, Inc. | CATV pay per view interdiction system method and apparatus |
| US5592639A (en) * | 1989-04-04 | 1997-01-07 | Laboratoire Europeen De Recherches Electroniques Avancees Societe En Nom Collectif | Device and method for writing in a storage device of the queue type |
| US5668946A (en) * | 1993-09-01 | 1997-09-16 | Zenith Electronics Corporation | System for cable communication wherein interpretively coded data transmitted from headend selectively initiate loop free instruction sets stored in receiver-decoder to affect the behavior thereof |
| US5784462A (en) * | 1995-08-28 | 1998-07-21 | Sanyo Electric Co., Ltd. | Digital signal receiver capable of receiving data encrypted and transmitted in online processing |
| US5859912A (en) * | 1996-03-22 | 1999-01-12 | General Electric Company | Digital information privacy system |
| WO1999040742A1 (en) * | 1998-02-04 | 1999-08-12 | Nokia Networks Oy | Data transmission method with encryption performed in an internal card unit (tru) |
| US6009174A (en) * | 1996-10-31 | 1999-12-28 | Matsushita Electric Industrial Co., Ltd. | Secret key transfer method which is highly secure and can restrict the damage caused when the secret key is leaked or decoded |
| US20020112154A1 (en) * | 1999-12-30 | 2002-08-15 | Clyde Riley Wallace | Secure network user states |
| WO2002080479A1 (en) * | 2001-03-28 | 2002-10-10 | Ciena Corporation | Method and system for encoding data for transmission over a serial link |
| US6493878B1 (en) | 1988-10-17 | 2002-12-10 | Lord Samuel A Kassatly | Method and apparatus for tv broadcasting and reception |
| US20030154474A1 (en) * | 1999-03-31 | 2003-08-14 | Bertram Michael C. | Method and apparatus for performing session based conditional access |
| US6636970B2 (en) * | 1995-02-14 | 2003-10-21 | Fujitsu Limited | Software encoding using a combination of two types of encoding and encoding type identification information |
| US6684198B1 (en) * | 1997-09-03 | 2004-01-27 | Sega Enterprises, Ltd. | Program data distribution via open network |
| US20040179689A1 (en) * | 2000-03-03 | 2004-09-16 | Mark Maggenti | Communication device for providing security in a group communication network |
| US6880081B1 (en) * | 1999-07-15 | 2005-04-12 | Nds Ltd. | Key management for content protection |
| US20050097340A1 (en) * | 2003-11-03 | 2005-05-05 | Pedlow Leo M.Jr. | Default encryption and decryption |
| US6902257B2 (en) * | 2001-11-08 | 2005-06-07 | Benq Corporation | Fluid injection head structure and method for manufacturing the same |
| US20050160972A1 (en) * | 2002-03-14 | 2005-07-28 | Commonwealth Scientific And Industrial Research Organization | Method and resulting structure for manufacturing semiconductor substrates |
| US20050177719A1 (en) * | 1999-07-15 | 2005-08-11 | Nds Ltd. | Key management for content protection |
| US20060047972A1 (en) * | 2004-08-27 | 2006-03-02 | Microsoft Corporation | System and method for applying security to memory reads and writes |
| US20060047936A1 (en) * | 2004-08-27 | 2006-03-02 | Microsoft Corporation | System and method for using address lines to control memory usage |
| US20060059553A1 (en) * | 2004-08-27 | 2006-03-16 | Microsoft Corporation | System and method for using address bits to affect encryption |
| US20060136778A1 (en) * | 2002-10-25 | 2006-06-22 | Graverand Philippe Y L | Process for generating and reconstructing variable number of parity for byte streams independent of host block size |
| US20070146194A1 (en) * | 2005-12-22 | 2007-06-28 | Sanyo Electric Co., Ltd. | Encoding Circuit and Digital Signal Processing Circuit |
| US20070211456A1 (en) * | 2006-03-10 | 2007-09-13 | Spika Kevin W | Decorative lighting assembly |
| US20080101595A1 (en) * | 2006-10-26 | 2008-05-01 | Samsung Electronics Co.; Ltd | Error correction system and method for mobile terminal |
| US7444523B2 (en) | 2004-08-27 | 2008-10-28 | Microsoft Corporation | System and method for using address bits to signal security attributes of data in the address space |
| US7548563B1 (en) * | 2005-04-01 | 2009-06-16 | Marvell International Ltd. | Data transmission using address encoding |
| US20090160649A1 (en) * | 2007-12-20 | 2009-06-25 | Bce Inc. | Contact-less tag with signature, and applications thereof |
| US20100020976A1 (en) * | 2006-05-30 | 2010-01-28 | Yong Ma | method of decryption key switching, a decryption device and a terminal equipment |
| US20110162044A1 (en) * | 2008-08-29 | 2011-06-30 | Panasonic Corporation | Secure communication device, secure communication method, and program |
| US20110176673A1 (en) * | 2008-10-07 | 2011-07-21 | Fujitsu Limited | Encrypting apparatus |
| US20120124613A1 (en) * | 2010-11-17 | 2012-05-17 | Verizon Patent And Licensing, Inc. | Content entitlement determinations for playback of video streams on portable devices |
| US20140359287A1 (en) * | 2013-05-30 | 2014-12-04 | Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek Tno | Method and system for reconstruction of a data object from distributed redundant data parts |
| US9037859B2 (en) | 2008-12-18 | 2015-05-19 | Bce Inc. | Processing of communication device signatures for use in securing nomadic electronic transactions |
| US20150161403A1 (en) * | 2013-12-10 | 2015-06-11 | Thales | Critical data transmission architecture in avionics systems |
| US9231928B2 (en) | 2008-12-18 | 2016-01-05 | Bce Inc. | Validation method and system for use in securing nomadic electronic transactions |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4159468A (en) * | 1977-11-17 | 1979-06-26 | Burroughs Corporation | Communications line authentication device |
| US4292650A (en) * | 1979-10-29 | 1981-09-29 | Zenith Radio Corporation | Stv Subscriber address system |
| US4323921A (en) * | 1979-02-06 | 1982-04-06 | Etablissement Public De Diffusion Dit "Telediffusion De France" | System for transmitting information provided with means for controlling access to the information transmitted |
| US4337483A (en) * | 1979-02-06 | 1982-06-29 | Etablissement Public De Diffusion Dit "Telediffusion De France" | Text video-transmission system provided with means for controlling access to the information |
| US4354201A (en) * | 1979-06-15 | 1982-10-12 | Etablissement Public De Diffusion Dit: Telediffusion De France | Television system with access control |
| US4434322A (en) * | 1965-08-19 | 1984-02-28 | Racal Data Communications Inc. | Coded data transmission system |
| US4531021A (en) * | 1980-06-19 | 1985-07-23 | Oak Industries Inc. | Two level encripting of RF signals |
| US4639548A (en) * | 1984-04-03 | 1987-01-27 | Nec Corporation | Digital communication system including an error correcting encoder/decoder and a scrambler/descrambler |
| US4694491A (en) * | 1985-03-11 | 1987-09-15 | General Instrument Corp. | Cryptographic system using interchangeable key blocks and selectable key fragments |
-
1987
- 1987-03-12 US US07/025,236 patent/US4771458A/en not_active Expired - Lifetime
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4434322A (en) * | 1965-08-19 | 1984-02-28 | Racal Data Communications Inc. | Coded data transmission system |
| US4159468A (en) * | 1977-11-17 | 1979-06-26 | Burroughs Corporation | Communications line authentication device |
| US4323921A (en) * | 1979-02-06 | 1982-04-06 | Etablissement Public De Diffusion Dit "Telediffusion De France" | System for transmitting information provided with means for controlling access to the information transmitted |
| US4337483A (en) * | 1979-02-06 | 1982-06-29 | Etablissement Public De Diffusion Dit "Telediffusion De France" | Text video-transmission system provided with means for controlling access to the information |
| US4354201A (en) * | 1979-06-15 | 1982-10-12 | Etablissement Public De Diffusion Dit: Telediffusion De France | Television system with access control |
| US4292650A (en) * | 1979-10-29 | 1981-09-29 | Zenith Radio Corporation | Stv Subscriber address system |
| US4531021A (en) * | 1980-06-19 | 1985-07-23 | Oak Industries Inc. | Two level encripting of RF signals |
| US4639548A (en) * | 1984-04-03 | 1987-01-27 | Nec Corporation | Digital communication system including an error correcting encoder/decoder and a scrambler/descrambler |
| US4694491A (en) * | 1985-03-11 | 1987-09-15 | General Instrument Corp. | Cryptographic system using interchangeable key blocks and selectable key fragments |
Cited By (92)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4881263A (en) * | 1987-09-25 | 1989-11-14 | Digital Equipment Corporation | Apparatus and method for secure transmission of data over an unsecure transmission channel |
| US4924513A (en) * | 1987-09-25 | 1990-05-08 | Digital Equipment Corporation | Apparatus and method for secure transmission of data over an unsecure transmission channel |
| US5505901A (en) * | 1988-03-10 | 1996-04-09 | Scientific-Atlanta, Inc. | CATV pay per view interdiction system method and apparatus |
| US5323462A (en) * | 1988-03-10 | 1994-06-21 | Scientific-Atlanta, Inc. | CATV subscriber disconnect switch |
| US4995080A (en) * | 1988-08-04 | 1991-02-19 | Zenith Electronics Corporation | Television signal scrambling system and method |
| US6493878B1 (en) | 1988-10-17 | 2002-12-10 | Lord Samuel A Kassatly | Method and apparatus for tv broadcasting and reception |
| US5134656A (en) * | 1989-02-22 | 1992-07-28 | Kudelski S.A. Fabrique D'enregistruers Nagra | Pre-payment television system using a memory card associated with a decoder |
| US5592639A (en) * | 1989-04-04 | 1997-01-07 | Laboratoire Europeen De Recherches Electroniques Avancees Societe En Nom Collectif | Device and method for writing in a storage device of the queue type |
| US5081678A (en) * | 1989-06-28 | 1992-01-14 | Digital Equipment Corporation | Method for utilizing an encrypted key as a key identifier in a data packet in a computer network |
| WO1991003896A3 (en) * | 1989-09-07 | 1991-11-28 | Verran Electronics Limited | Computer communications system |
| WO1991003896A2 (en) * | 1989-09-07 | 1991-03-21 | Verran Electronics Limited | Computer communications system |
| US4965881A (en) * | 1989-09-07 | 1990-10-23 | Northern Telecom Limited | Linear feedback shift registers for data scrambling |
| US5091938A (en) * | 1990-08-06 | 1992-02-25 | Nec Home Electronics, Ltd. | System and method for transmitting entertainment information to authorized ones of plural receivers |
| US5406627A (en) * | 1990-08-06 | 1995-04-11 | Nec Home Electronics, Ltd. | Digital data cryptographic system |
| US5245420A (en) * | 1990-11-27 | 1993-09-14 | Scientific-Atlanta, Inc. | CATV pay per view interdiction system |
| US5164986A (en) * | 1991-02-27 | 1992-11-17 | Motorola, Inc. | Formation of rekey messages in a communication system |
| EP0564825A3 (en) * | 1992-03-11 | 1995-05-03 | Nokia Technology Gmbh | Method for identification of secret data messages in a uni-directional multipoint network using cyclic redundancy checks |
| EP0564825A2 (en) * | 1992-03-11 | 1993-10-13 | NOKIA TECHNOLOGY GmbH | Method for identification of secret data messages in a uni-directional multipoint network using cyclic redundancy checks |
| EP0637172A1 (en) * | 1993-07-30 | 1995-02-01 | Sony Corporation | Apparatus for scrambling a digital video signal |
| US5600721A (en) * | 1993-07-30 | 1997-02-04 | Sony Corporation | Apparatus for scrambling a digital video signal |
| AU678479B2 (en) * | 1993-07-30 | 1997-05-29 | Sony Corporation | Apparatus for scrambling a digital video signal |
| EP0641130A1 (en) * | 1993-08-23 | 1995-03-01 | Matsushita Electric Industrial Co., Ltd. | Scramble transmission apparatus and signal processing apparatus |
| US5515437A (en) * | 1993-08-23 | 1996-05-07 | Matsushita Electric Industrial Co., Ltd. | Scramble transmission apparatus and signal processing apparatus |
| US5668946A (en) * | 1993-09-01 | 1997-09-16 | Zenith Electronics Corporation | System for cable communication wherein interpretively coded data transmitted from headend selectively initiate loop free instruction sets stored in receiver-decoder to affect the behavior thereof |
| US6636970B2 (en) * | 1995-02-14 | 2003-10-21 | Fujitsu Limited | Software encoding using a combination of two types of encoding and encoding type identification information |
| US5784462A (en) * | 1995-08-28 | 1998-07-21 | Sanyo Electric Co., Ltd. | Digital signal receiver capable of receiving data encrypted and transmitted in online processing |
| US5859912A (en) * | 1996-03-22 | 1999-01-12 | General Electric Company | Digital information privacy system |
| US6009174A (en) * | 1996-10-31 | 1999-12-28 | Matsushita Electric Industrial Co., Ltd. | Secret key transfer method which is highly secure and can restrict the damage caused when the secret key is leaked or decoded |
| US6160890A (en) * | 1996-10-31 | 2000-12-12 | Matsushita Electric Industrial Co., Ltd. | Secret key transfer method which is highly secure and can restrict the damage caused when the secret key is leaked or decoded |
| US6684198B1 (en) * | 1997-09-03 | 2004-01-27 | Sega Enterprises, Ltd. | Program data distribution via open network |
| WO1999040742A1 (en) * | 1998-02-04 | 1999-08-12 | Nokia Networks Oy | Data transmission method with encryption performed in an internal card unit (tru) |
| US7571451B2 (en) * | 1999-03-31 | 2009-08-04 | Cox Communications, Inc. | Method and apparatus for performing session based conditional access |
| US20030154474A1 (en) * | 1999-03-31 | 2003-08-14 | Bertram Michael C. | Method and apparatus for performing session based conditional access |
| US8054978B2 (en) * | 1999-07-15 | 2011-11-08 | Nds Limited | Key management for content protection |
| US7188242B2 (en) | 1999-07-15 | 2007-03-06 | Nds Ltd. | Key management for content protection |
| US6880081B1 (en) * | 1999-07-15 | 2005-04-12 | Nds Ltd. | Key management for content protection |
| US20080222695A1 (en) * | 1999-07-15 | 2008-09-11 | Nds Limited | Key management for content protection |
| US7382884B2 (en) | 1999-07-15 | 2008-06-03 | Nds Ltd. | Key management for content protection |
| US20080025517A1 (en) * | 1999-07-15 | 2008-01-31 | Nds Limited | Key management for content protection |
| US20050177719A1 (en) * | 1999-07-15 | 2005-08-11 | Nds Ltd. | Key management for content protection |
| US7263611B2 (en) | 1999-07-15 | 2007-08-28 | Nds Ltd. | Key management for content protection |
| US20020112154A1 (en) * | 1999-12-30 | 2002-08-15 | Clyde Riley Wallace | Secure network user states |
| US6920560B2 (en) * | 1999-12-30 | 2005-07-19 | Clyde Riley Wallace, Jr. | Secure network user states |
| EP2273812A1 (en) * | 2000-03-03 | 2011-01-12 | Qualcomm Incorporated | Method and apparatus for synchronizing encryption and decryption of a data frame in a communication network |
| US9143484B2 (en) | 2000-03-03 | 2015-09-22 | Qualcomm Incorporated | System for collecting billable information in a group communication network |
| US7689822B2 (en) * | 2000-03-03 | 2010-03-30 | Qualcomm Incorporated | Communication device for providing security in a group communication network |
| US20040179689A1 (en) * | 2000-03-03 | 2004-09-16 | Mark Maggenti | Communication device for providing security in a group communication network |
| US20100233993A1 (en) * | 2000-03-03 | 2010-09-16 | Qualcomm Incorporated | System for collecting billable information in a group communication network |
| US6628725B1 (en) | 2001-03-28 | 2003-09-30 | Ciena Corporation | Method and system for encoding data for transmission over a serial link |
| WO2002080479A1 (en) * | 2001-03-28 | 2002-10-10 | Ciena Corporation | Method and system for encoding data for transmission over a serial link |
| US6902257B2 (en) * | 2001-11-08 | 2005-06-07 | Benq Corporation | Fluid injection head structure and method for manufacturing the same |
| US20050160972A1 (en) * | 2002-03-14 | 2005-07-28 | Commonwealth Scientific And Industrial Research Organization | Method and resulting structure for manufacturing semiconductor substrates |
| US7155634B1 (en) * | 2002-10-25 | 2006-12-26 | Storage Technology Corporation | Process for generating and reconstructing variable number of parity for byte streams independent of host block size |
| US20060136778A1 (en) * | 2002-10-25 | 2006-06-22 | Graverand Philippe Y L | Process for generating and reconstructing variable number of parity for byte streams independent of host block size |
| US7623662B2 (en) | 2003-11-03 | 2009-11-24 | Sony Corporation | Default encryption and decryption |
| US20050097340A1 (en) * | 2003-11-03 | 2005-05-05 | Pedlow Leo M.Jr. | Default encryption and decryption |
| US7444523B2 (en) | 2004-08-27 | 2008-10-28 | Microsoft Corporation | System and method for using address bits to signal security attributes of data in the address space |
| US7822993B2 (en) | 2004-08-27 | 2010-10-26 | Microsoft Corporation | System and method for using address bits to affect encryption |
| US20060047936A1 (en) * | 2004-08-27 | 2006-03-02 | Microsoft Corporation | System and method for using address lines to control memory usage |
| US20060059553A1 (en) * | 2004-08-27 | 2006-03-16 | Microsoft Corporation | System and method for using address bits to affect encryption |
| US7734926B2 (en) * | 2004-08-27 | 2010-06-08 | Microsoft Corporation | System and method for applying security to memory reads and writes |
| US20060047972A1 (en) * | 2004-08-27 | 2006-03-02 | Microsoft Corporation | System and method for applying security to memory reads and writes |
| US7653802B2 (en) | 2004-08-27 | 2010-01-26 | Microsoft Corporation | System and method for using address lines to control memory usage |
| US7548563B1 (en) * | 2005-04-01 | 2009-06-16 | Marvell International Ltd. | Data transmission using address encoding |
| US8077742B1 (en) | 2005-04-01 | 2011-12-13 | Marvell International Ltd. | Data transmission using address encoding |
| US20070146194A1 (en) * | 2005-12-22 | 2007-06-28 | Sanyo Electric Co., Ltd. | Encoding Circuit and Digital Signal Processing Circuit |
| US7885989B2 (en) * | 2005-12-22 | 2011-02-08 | Sanyo Electric Co., Ltd. | Encoding circuit and digital signal processing circuit |
| US20070211456A1 (en) * | 2006-03-10 | 2007-09-13 | Spika Kevin W | Decorative lighting assembly |
| US20100020976A1 (en) * | 2006-05-30 | 2010-01-28 | Yong Ma | method of decryption key switching, a decryption device and a terminal equipment |
| US20080101595A1 (en) * | 2006-10-26 | 2008-05-01 | Samsung Electronics Co.; Ltd | Error correction system and method for mobile terminal |
| US20130212398A1 (en) * | 2007-12-20 | 2013-08-15 | Bce Inc. | Method and system for validating a device that uses a dynamic identifier |
| US8412638B2 (en) * | 2007-12-20 | 2013-04-02 | Bce Inc. | Method and system for validating a device that uses a dynamic identifier |
| US20090240946A1 (en) * | 2007-12-20 | 2009-09-24 | Tet Hin Yeap | Dynamic identifier for use in identification of a device |
| US9971986B2 (en) * | 2007-12-20 | 2018-05-15 | Bce Inc. | Method and system for validating a device that uses a dynamic identifier |
| US20090160615A1 (en) * | 2007-12-20 | 2009-06-25 | Bce Inc. | Contact-less tag with signature, and applications thereof |
| US20100185865A1 (en) * | 2007-12-20 | 2010-07-22 | Bce Inc. | Generation of communication device signatures for use in securing nomadic electronic transactions |
| US20090160649A1 (en) * | 2007-12-20 | 2009-06-25 | Bce Inc. | Contact-less tag with signature, and applications thereof |
| US9305282B2 (en) | 2007-12-20 | 2016-04-05 | Bce Inc. | Contact-less tag with signature, and applications thereof |
| US20090216679A1 (en) * | 2007-12-20 | 2009-08-27 | Tet Hin Yeap | Method and system for validating a device that uses a dynamic identifier |
| US8553888B2 (en) | 2007-12-20 | 2013-10-08 | Bce Inc. | Generation of communication device signatures for use in securing nomadic electronic transactions |
| US10726385B2 (en) | 2007-12-20 | 2020-07-28 | Bce Inc. | Contact-less tag with signature, and applications thereof |
| US8719902B2 (en) * | 2008-08-29 | 2014-05-06 | Panasonic Corporation | Secure communication device, secure communication method, and program |
| US20110162044A1 (en) * | 2008-08-29 | 2011-06-30 | Panasonic Corporation | Secure communication device, secure communication method, and program |
| US20110176673A1 (en) * | 2008-10-07 | 2011-07-21 | Fujitsu Limited | Encrypting apparatus |
| US9037859B2 (en) | 2008-12-18 | 2015-05-19 | Bce Inc. | Processing of communication device signatures for use in securing nomadic electronic transactions |
| US9231928B2 (en) | 2008-12-18 | 2016-01-05 | Bce Inc. | Validation method and system for use in securing nomadic electronic transactions |
| US20120124613A1 (en) * | 2010-11-17 | 2012-05-17 | Verizon Patent And Licensing, Inc. | Content entitlement determinations for playback of video streams on portable devices |
| US9819987B2 (en) * | 2010-11-17 | 2017-11-14 | Verizon Patent And Licensing Inc. | Content entitlement determinations for playback of video streams on portable devices |
| US9397825B2 (en) * | 2013-05-30 | 2016-07-19 | Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek Tno | Method and system for reconstruction of a data object from distributed redundant data parts |
| US20140359287A1 (en) * | 2013-05-30 | 2014-12-04 | Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek Tno | Method and system for reconstruction of a data object from distributed redundant data parts |
| US9684792B2 (en) * | 2013-12-10 | 2017-06-20 | Thales | Critical data transmission architecture in avionics systems |
| US20150161403A1 (en) * | 2013-12-10 | 2015-06-11 | Thales | Critical data transmission architecture in avionics systems |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US4771458A (en) | Secure data packet transmission system and method | |
| US4944006A (en) | Secure data packet transmission system and method | |
| US5381481A (en) | Method and apparatus for uniquely encrypting a plurality of services at a transmission site | |
| US5115467A (en) | Signal encryption apparatus for generating common and distinct keys | |
| US5018197A (en) | Secure video decoder system | |
| US4887296A (en) | Cryptographic system for direct broadcast satellite system | |
| EP0094423B1 (en) | A security system for sstv encryption | |
| US4995080A (en) | Television signal scrambling system and method | |
| US4694491A (en) | Cryptographic system using interchangeable key blocks and selectable key fragments | |
| USRE33189E (en) | Security system for SSTV encryption | |
| US5144664A (en) | Apparatus and method for upgrading terminals to maintain a secure communication network | |
| US4803725A (en) | Cryptographic system using interchangeable key blocks and selectable key fragments | |
| US7565546B2 (en) | System, method and apparatus for secure digital content transmission | |
| US7957531B2 (en) | Method and apparatus for detection of loss of cipher synchronization | |
| JP2004320819A (en) | Method and apparatus for uniquely enciphering data for terminal office | |
| NO166909B (en) | KEY SIGNAL SYSTEM FOR AA REPRODUCES A SUBSCRIBER KEY SIGNAL IN A SIGNAL RECOGNITOR. | |
| US4876718A (en) | Secure data packet transmission system and method | |
| JPH08298657A (en) | Method and apparatus for increase delivery of access | |
| EP0448534A2 (en) | Method and apparatus for encryption/decryption of digital multisound in television | |
| JPH08195735A (en) | Decoder | |
| US4811394A (en) | Variable starting state scrambling circuit | |
| US20040075773A1 (en) | Scrambler, descrambler and the program for scrambling or descrambling | |
| US5272752A (en) | Authorization code lockout mechanism for preventing unauthorized reception of transmitted data | |
| EP0179612A2 (en) | Cryptographic system for direct broadcast satellite network | |
| US4817144A (en) | Secure TV scrambling system using framing code switching |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AS | Assignment |
Owner name: ZENITH ELECTRONICS CORPORATION, 1000 MILWAUKEE AVE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST.;ASSIGNORS:CITTA, RICHARD W.;GOSC, PAUL M.;MUTZABAUGH, DENNIS M.;AND OTHERS;REEL/FRAME:004891/0587 Effective date: 19870312 Owner name: ZENITH ELECTRONICS CORPORATION, ILLINOIS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CITTA, RICHARD W.;GOSC, PAUL M.;MUTZABAUGH, DENNIS M.;AND OTHERS;REEL/FRAME:004891/0587 Effective date: 19870312 |
|
| STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
| FPAY | Fee payment |
Year of fee payment: 4 |
|
| AS | Assignment |
Owner name: FIRST NATIONAL BANK OF CHICAGO, THE Free format text: SECURITY INTEREST;ASSIGNOR:ZENITH ELECTRONICS CORPORATION A CORP. OF DELAWARE;REEL/FRAME:006187/0650 Effective date: 19920619 |
|
| AS | Assignment |
Owner name: ZENITH ELECTRONICS CORPORATION Free format text: RELEASED BY SECURED PARTY;ASSIGNOR:FIRST NATIONAL BANK OF CHICAGO, THE (AS COLLATERAL AGENT).;REEL/FRAME:006243/0013 Effective date: 19920827 |
|
| FPAY | Fee payment |
Year of fee payment: 8 |
|
| FPAY | Fee payment |
Year of fee payment: 12 |